Hi Team - We noticed in prefecthq/prefect:2.10.20-python3.10 and prefecthq/prefect:2.17.1-python3.10...

Chris Gunderson

04/16/2024, 8:10 PM

Hi Team - We noticed in prefecthq/prefect:2.10.20-python3.10 and prefecthq/prefect:2.17.1-python3.10 contains a critical vulnerability in zlib. https://security-tracker.debian.org/tracker/CVE-2023-45853 Can we upgrade zlib to this version? 1:1.3.dfsg-3

Chris Gunderson

04/16/2024, 8:13 PM

We are using the Prefect images as our base image.

Nate

04/16/2024, 8:47 PM

hi @Chris Gunderson - thanks for the report! looking into this

👍 1

Nate

04/16/2024, 9:26 PM

hi @Chris Gunderson - I do see that the version listed as vulnerable is installed on prefect images however it seems like this version is coming from the

python:{MINOR}-slim

base images that our images are built

FROM

Can we upgrade zlib to this version? 1:1.3.dfsg-3

Have you encountered any issues while trying to do this?

Chris Gunderson

04/16/2024, 9:26 PM

I haven't tried yet

Chris Gunderson

04/17/2024, 7:47 PM

Hi @Nate - I wasn't able to upgrade to the latest version which is on linux release trixie or sid. I think this is due to being on the bookworm release.

Chris Gunderson

04/17/2024, 7:49 PM

The python image may need to be updated first.

5 Views

Open in Slack

Previous Next

Prefect Community

Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.